diff --git a/include/NetworkInterface.h b/include/NetworkInterface.h
index f7de375174..afc936c874 100644
--- a/include/NetworkInterface.h
+++ b/include/NetworkInterface.h
@@ -214,7 +214,7 @@ class NetworkInterface : public OtherAlertableEntity {
 bool flow_dump_disabled;
 u_int32_t ifSpeed, numL2Devices, numHosts, numLocalHosts, scalingFactor;
 /* Those will hold counters at checkpoints */
- u_int64_t checkpointPktCount, checkpointBytesCount, checkpointPktDropCount;
+ u_int64_t checkpointPktCount, checkpointBytesCount, checkpointPktDropCount, checkpointDroppedAlertsCount;
 u_int64_t checkpointDiscardedProbingPktCount, checkpointDiscardedProbingBytesCount;
 u_int16_t ifMTU;
 int cpu_affinity; /**< Index of physical core where the network interface works. */
@@ -491,6 +491,7 @@ class NetworkInterface : public OtherAlertableEntity {
 /* Overridden in ViewInterface.cpp */
 virtual u_int64_t getCheckPointNumPackets();
+ virtual u_int64_t getCheckPointDroppedAlerts();
 virtual u_int64_t getCheckPointNumBytes();
 virtual u_int32_t getCheckPointNumPacketDrops();
 virtual u_int64_t getCheckPointNumDiscardedProbingPackets() const;
@@ -704,6 +705,7 @@ class NetworkInterface : public OtherAlertableEntity {
 /* Overridden in ViewInterface.cpp */
 virtual u_int64_t getNumPackets();
 virtual u_int64_t getNumBytes();
+ virtual u_int64_t getNumDroppedAlerts();
 virtual void updatePacketsStats() { };
 virtual u_int32_t getNumDroppedPackets() { return 0; };
 virtual u_int32_t getNumDroppedFlowScriptsCalls() { return num_dropped_flow_scripts_calls; };
@@ -721,6 +723,7 @@ class NetworkInterface : public OtherAlertableEntity {
 inline u_int64_t getNumPacketsSinceReset() { return getNumPackets() - getCheckPointNumPackets(); }
 inline u_int64_t getNumBytesSinceReset() { return getNumBytes() - getCheckPointNumBytes(); }
 inline u_int64_t getNumPacketDropsSinceReset() { return getNumPacketDrops() - getCheckPointNumPacketDrops(); }
+ inline u_int64_t getNumDroppedAlertsSinceReset() { return getNumDroppedAlerts() - getCheckPointDroppedAlerts(); }
 inline u_int64_t getNumDiscProbingPktsSinceReset() const { return getNumDiscardedProbingPackets() - getCheckPointNumDiscardedProbingPackets(); };
@@ -967,7 +970,6 @@ class NetworkInterface : public OtherAlertableEntity {
 inline void incNumDroppedAlerts(u_int32_t num_dropped) { num_dropped_alerts += num_dropped; }
 inline void incNumWrittenAlerts() { num_written_alerts++; }
 inline void incNumAlertsQueries() { num_alerts_queries++; }
- inline u_int64_t getNumDroppedAlerts() { return(num_dropped_alerts); }
 inline u_int64_t getNumWrittenAlerts() { return(num_written_alerts); }
 inline u_int64_t getNumAlertsQueries() { return(num_alerts_queries); }
 void walkAlertables(AlertEntity alert_entity, const char *entity_value,
diff --git a/include/ViewInterface.h b/include/ViewInterface.h
index 838aa82f88..5eebff2202 100644
--- a/include/ViewInterface.h
+++ b/include/ViewInterface.h
@@ -64,6 +64,7 @@ class ViewInterface : public NetworkInterface {
 AlertsQueue* getAlertsQueue() const { return alertsQueue; };
 virtual u_int64_t getNumPackets();
+ virtual u_int64_t getNumDroppedAlerts();
 virtual u_int64_t getNumBytes();
 virtual u_int getNumPacketDrops();
 virtual u_int64_t getNumDiscardedProbingPackets() const;
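Review bot: `getNumDroppedAlertsSinceReset()` subtracts two `u_int64_t` values with no ordering check, so if `getNumDroppedAlerts()` ever reads lower than the stored checkpoint the result wraps to a value near 2^64, and that is what `lua()` would then publish as dropped alerts. Whether that can happen is not visible here; it would take a counter narrower than 64 bits that wraps, or a view whose set of summed interfaces changes between the checkpoint and the read. A guarded form is cheap: `u_int64_t cur = getNumDroppedAlerts(), chk = getCheckPointDroppedAlerts(); return(cur >= chk ? cur - chk : 0);`. The neighbouring `...SinceReset()` helpers share the pattern, so this is worth deciding once for all of them.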
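Review bot: The added `virtual u_int64_t getNumDroppedAlerts();` in ViewInterface.h, and `getCheckPointDroppedAlerts()` in the next hunk of the same file, repeat `virtual` without `override`, so a later signature change in NetworkInterface.h would silently turn them into unrelated functions and the view would go back to reporting only its own counter. If the build allows C++11, declaring them as `u_int64_t getNumDroppedAlerts() override;` and `u_int64_t getCheckPointDroppedAlerts() override;` lets the compiler catch that. The context line `virtual u_int getNumPacketDrops();` already spells its return type differently from the `u_int32_t` definition shown in ViewInterface.cpp, which is the kind of drift `override` is meant to surface.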
@@ -74,6 +75,7 @@ class ViewInterface : public NetworkInterface {
 virtual u_int64_t getNumActiveAlertedFlows() const;
 virtual u_int64_t getCheckPointNumPackets();
+ virtual u_int64_t getCheckPointDroppedAlerts();
 virtual u_int64_t getCheckPointNumBytes();
 virtual u_int32_t getCheckPointNumPacketDrops();
 virtual u_int64_t getCheckPointNumDiscardedProbingPackets() const;
diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp
index 0ef3154471..ab4565c188 100644
--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
@@ -259,7 +259,7 @@ void NetworkInterface::init() {
 numL2Devices = 0, numHosts = 0, numLocalHosts = 0, arp_requests = arp_replies = 0, has_mac_addresses = false,
- checkpointPktCount = checkpointBytesCount = checkpointPktDropCount = 0,
+ checkpointPktCount = checkpointBytesCount = checkpointPktDropCount = checkpointDroppedAlertsCount = 0,
 checkpointDiscardedProbingPktCount = checkpointDiscardedProbingBytesCount = 0, pollLoopCreated = false, bridge_interface = false, mdns = NULL, discovery = NULL, ifDescription = NULL,
@@ -5441,6 +5441,12 @@ u_int64_t NetworkInterface::getNumBytes() {
 /* **************************************************** */
+u_int64_t NetworkInterface::getNumDroppedAlerts() {
+ return((u_int64_t)num_dropped_alerts);
+}
+
+/* **************************************************** */
+
 u_int32_t NetworkInterface::getNumPacketDrops() {
 return(!isSubInterface() ? getNumDroppedPackets() : 0);
 };
@@ -5728,7 +5734,7 @@ void NetworkInterface::lua(lua_State *vm) {
 lua_push_bool_table_entry(vm, "has_alerts", hasAlerts());
 lua_push_int32_table_entry(vm, "num_alerts_engaged", getNumEngagedAlerts());
 luaAlertedFlows(vm);
- lua_push_int32_table_entry(vm, "num_dropped_alerts", num_dropped_alerts);
+ lua_push_uint64_table_entry(vm, "num_dropped_alerts", getNumDroppedAlertsSinceReset());
 lua_push_uint64_table_entry(vm, "periodic_stats_update_frequency_secs", periodicStatsUpdateFrequency());
 /* .stats */
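Review bot: In `NetworkInterface::lua()` the `num_dropped_alerts` entry changes meaning from the lifetime counter to drops since the last checkpoint, so a counter reset now clears the one indicator in this table that alerts were lost. Dropped alerts are events that never reached storage, and anyone reviewing an interface after a reset would see zero; `checkPointCounters()` takes the new snapshot outside its `if` block, so this appears to apply to drops-only resets as well. Consider publishing the cumulative value next to it under a separate key (the name is only a suggestion), e.g. `lua_push_uint64_table_entry(vm, "num_dropped_alerts_total", getNumDroppedAlerts());`, or logging the value when the checkpoint is taken. Consumers of the existing key that expect a monotonic counter are not visible in this diff and should be checked. `lua()` starts and ends outside the hunk.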
@@ -6596,6 +6602,7 @@ void NetworkInterface::checkPointCounters(bool drops_only) {
 checkpointPktCount = getNumPackets(), checkpointBytesCount = getNumBytes(); }
+ checkpointDroppedAlertsCount = getNumDroppedAlerts();
 checkpointPktDropCount = getNumPacketDrops();
 checkpointDiscardedProbingPktCount = getNumDiscardedProbingPackets();
 checkpointDiscardedProbingBytesCount = getNumDiscardedProbingBytes();
@@ -6611,6 +6618,12 @@ u_int64_t NetworkInterface::getCheckPointNumPackets() {
 /* **************************************************** */
+u_int64_t NetworkInterface::getCheckPointDroppedAlerts() {
+ return(checkpointDroppedAlertsCount);
+};
+
+/* **************************************************** */
+
 u_int64_t NetworkInterface::getCheckPointNumBytes() {
 return(checkpointBytesCount);
 }
diff --git a/src/ViewInterface.cpp b/src/ViewInterface.cpp
index 9b71081fe6..055bf56361 100644
--- a/src/ViewInterface.cpp
+++ b/src/ViewInterface.cpp
@@ -206,6 +206,17 @@ u_int64_t ViewInterface::getNumPackets() {
 /* **************************************************** */
+u_int64_t ViewInterface::getNumDroppedAlerts() {
+ u_int64_t tot = 0;
+
+ for(u_int8_t s = 0; sgetNumDroppedAlerts();
+
+ return(tot);
+};
+
+/* **************************************************** */
+
 u_int32_t ViewInterface::getNumPacketDrops() {
 u_int32_t tot = 0;
@@ -307,6 +318,17 @@ u_int64_t ViewInterface::getCheckPointNumPackets() {
 /* **************************************************** */
+u_int64_t ViewInterface::getCheckPointDroppedAlerts() {
+ u_int64_t tot = 0;
+
+ for(u_int8_t s = 0; s < num_viewed_interfaces; s++)
+ tot += viewed_interfaces[s]->getCheckPointDroppedAlerts();
+
+ return(tot);
+};
+
+/* **************************************************** */
+
 u_int64_t ViewInterface::getCheckPointNumBytes() {
 u_int64_t tot = 0;
diff --git a/src/flow_callbacks/RemoteAccess.cpp b/src/flow_callbacks/RemoteAccess.cpp
index df817d3148..53a6ffb4fb 100644
--- a/src/flow_callbacks/RemoteAccess.cpp
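Review bot: `ViewInterface::getNumDroppedAlerts()` (its loop line is truncated on this page) and `ViewInterface::getCheckPointDroppedAlerts()` in the following hunk return only the sum over `viewed_interfaces[]`, so anything the view accumulated in its own `num_dropped_alerts` through the inherited `incNumDroppedAlerts()` is no longer reported once the base getter is overridden. ViewInterface.h shows the view holding its own `AlertsQueue`; if drops on that queue are counted against the view itself, they would vanish from the value `lua()` publishes. If views never count drops themselves, a comment on both overrides would settle it, e.g. `/* Views do not count dropped alerts themselves: only the viewed interfaces' counters are summed */`. If they do, the fix needs care, because `checkPointCounters()` called on a view would store the virtual sum in the view's own `checkpointDroppedAlertsCount`.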
+++ b/src/flow_callbacks/RemoteAccess.cpp
@@ -25,7 +25,7 @@
 /* ***************************************************** */
 void RemoteAccess::protocolDetected(Flow *f) {
- Host *cli = f->get_cli_host(), *srv = f->get_srv_host();
+ Host *cli = f->get_cli_host();
 switch(f->get_protocol_category()) {
 case NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS:
@@ -42,7 +42,7 @@ void RemoteAccess::protocolDetected(Flow *f) {
 /* ***************************************************** */
 void RemoteAccess::flowEnd(Flow *f) {
- Host *cli = f->get_cli_host(), *srv = f->get_srv_host();
+ Host *cli = f->get_cli_host();
 u_int8_t c_score = 5, s_score = 5;
 switch(f->get_protocol_category()) {